Jim Wise <jw250@columbia.edu> writes:
> When you load a module, using ml, you can use `ml ld ...' to load a
> module, which is the same as modload under NetBSD, or you can use
> `ml reg ...' to `register' a module. A registered module is duly noted by
> the kernel, but is not loaded until it is used. This makes it possible,
> for example, to have a kernel which can use any supported device, but
> which is hardly larger than a kernel stripped to just those devices which
> are present.

I was going to suggest the following for this sort of thing:

(1) a command, run at securelevel 0, which does an md5 hash and remembers
    the size and name of an LKM, and gives this to the kernel.
(2) a userland daemon. If you want dynamic loading, you run this.
(3) a command to load a module which was previously identified in the
    kernel.

This would more or less remove security holes from the "LKM loading after
securelevel 0 is gone" part, I believe.
--Michael
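
Added example, not part of the original message or of any NetBSD code: a user-space Python model of steps (1) and (3), showing registration closing once securelevel is raised and a load being refused when name, size or hash do not match. The names ModuleRegistry, register, load and demo are hypothetical, the module images are constructed, and the daemon of step (2) is not modelled.

```python
import hashlib
import hmac


class ModuleRegistry:
    """Model of the kernel-side table of pre-identified LKMs."""

    def __init__(self):
        self.securelevel = 0
        self._known = {}  # module name -> (size in bytes, md5 hex digest)

    def register(self, name, image):
        # Step (1): records are accepted only while securelevel is 0.
        if self.securelevel > 0:
            raise PermissionError("registration closed: securelevel > 0")
        # MD5 as in the proposal; it is no longer collision resistant,
        # so a current design would use SHA-256 here instead.
        self._known[name] = (len(image), hashlib.md5(image).hexdigest())

    def raise_securelevel(self):
        # On a running system securelevel can be raised but not lowered.
        self.securelevel += 1

    def load(self, name, image):
        # Step (3): allow the load only if the image matches its record.
        record = self._known.get(name)
        if record is None:
            return False  # never identified to the kernel
        size, digest = record
        if len(image) != size:
            return False
        return hmac.compare_digest(hashlib.md5(image).hexdigest(), digest)


def demo():
    good = b"\x7fELF constructed module image"
    tampered = b"\x7fELF constructed module imagE"  # same size, one byte changed
    reg = ModuleRegistry()
    reg.register("if_example", good)   # done at securelevel 0
    reg.raise_securelevel()
    results = {
        "good": reg.load("if_example", good),
        "tampered": reg.load("if_example", tampered),
        "unknown": reg.load("other", good),
    }
    try:
        reg.register("late", tampered)
        results["late_register"] = True
    except PermissionError:
        results["late_register"] = False
    return results
```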